If you’ve been following the news lately, you must have come across the latest infection by a ransomware called WannaCrypt, or WannaCry for short. This new ransomware has wreaked havoc across the whole world in the last couple of days. In countries like the US, companies like FedEx have been among its targets. According to reports, the WannaCry ransomware had already infected over 114,000 Windows systems throughout the world.
After the ransomware's kill switch was activated, companies like Microsoft released security patches for their user base. Microsoft has also released a security patch for the unsupported versions of Windows, including Windows XP, Vista, Windows 8, Server 2003 and all the remaining 2008 editions. Let us look at what has been done about the threat so far and what the odds are of getting it fixed completely.
What Does WannaCry Ransomware Actually Do?
Once a system is infected, the ransomware locks the files by encrypting them. It then requires the victim to pay $300 in Bitcoin to get the files decrypted. If the warning is ignored, the threat doubles the amount to $600 in Bitcoin after 2-3 days.
And as it is a ransom, there is no guarantee that you’ll get your files back even after paying the ransom amount. The only solution left after getting infected is to wipe the complete hard drive and re-install the OS.
This way you’ll lose every file on your system. For your knowledge, the criminals behind the ransomware have already received over 100 payments from victims. A total of 15 Bitcoins have already been paid, which equals roughly $26,090.
What Has Been Done About the Ransomware?
If you’ve been following the latest news regarding WannaCry, you might have come across reports that a security researcher has activated a ‘kill switch’ which has apparently stopped the spread of the infection. But this is not 100% true: the kill switch hasn’t killed the ransomware completely, but rather has just slowed the infection rate for now.
Many security researchers have found other variants of this ransomware that either have no kill switch or have different kill switch domains. This makes it even more difficult to counter their attacks, and based on the researchers' predictions, these new and modified WannaCry variants will continue to infect more unpatched PCs in the coming days.
So, where is this all going? Is WannaCry 3.0 real? And was the 2.0 variant just a test?
These newly formed variants of the ransomware are insanely fast when it comes to their spreading potential. They leverage a Windows SMB exploit to remotely target any computer that is still unpatched or running an unofficial build of Windows.
Once a system is infected, the threat scans other computers connected to the same network and spreads to those PCs too; it is like a chain reaction.
The Original Attack is Now Being Stalled
Yes, as mentioned earlier, the attack that took place 2-3 days back has been slowed down. The domain from which the WannaCry ransomware started to spread was iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com, which had a kill switch. The kill switch, when activated, enables a self-destruction mode in the code, and has theoretically stalled the proliferation.
The WannaCry 3.0 Variants with Proof!
The story of the spread is not finished yet, and a new variant has already surfaced on the internet. It seems like this is never going to end. The security researcher who originally planted the kill switch has said that WannaCry 3.0 is real. Matthieu Suiche tried to reverse engineer the variant and found it using the domain ifferfsodp9ifjaposdfjhgosurijfaewrwergwea.com. He also found that it is the new kill switch address.
Matt, fortunately, bought the domain then and there and tried to prevent it from spreading any further.
What Can You Do to Protect Yourself from Another WannaCry Attack?
There is a set of steps to be taken by everyone who still hasn’t patched their systems. Otherwise, who knows, we could be finding WannaCry 4.0 in a few days. You can follow these steps to stay safe and browse the internet securely.
Keep the System Up to Date
There are many PCs worldwide that still need to be updated with the latest patches released by Microsoft and antivirus manufacturers. If you are on a supported version of Windows such as Windows 10, make sure to check for the latest updates and update your system as soon as you can. If you are on an unsupported build, it’s time to move to Windows 10 if you don't want your data to be compromised.
Make sure to enable the firewall from the Windows Control Panel. The firewall makes sure that inbound connections can be easily blocked. Modify its settings to block access to the SMB ports over the internet. The protocol operates on TCP ports 137, 139 and 445 and over UDP ports 137 and 138.
Completely Disable SMB
As the ransomware made its way into Windows through an SMB exploit, make sure to completely block and disable SMB (Server Message Block).
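The firewall and SMB steps above can be checked and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it only reports unless run with `-Apply`, and the rule group name, the choice of the Public firewall profile, and turning off SMBv1 rather than every SMB version (which would also stop file and printer sharing) are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMB exposure on this host; settings change only with -Apply.
# Assumes Windows 8 / Server 2012 or later (NetSecurity and SmbShare modules).
param([switch]$Apply)

$tcpPorts  = 137, 139, 445          # TCP ports as listed in the article
$udpPorts  = 137, 138               # UDP ports as listed in the article
$ruleGroup = 'Example-Block-SMB'    # hypothetical group name, used to find our rules again

# 1. Block rules do nothing while a firewall profile is switched off.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
foreach ($p in $off) { Write-Warning "Firewall profile '$($p.Name)' is disabled" }
if ($Apply -and $off) { Set-NetFirewallProfile -Name $off.Name -Enabled True }

# 2. Inbound block rules for the listed ports (Public profile is an assumption).
if (Get-NetFirewallRule -Group $ruleGroup -ErrorAction SilentlyContinue) {
    Write-Output "Block rules in group '$ruleGroup' already exist"
} elseif ($Apply) {
    New-NetFirewallRule -DisplayName 'Block SMB inbound TCP' -Group $ruleGroup `
        -Direction Inbound -Action Block -Profile Public `
        -Protocol TCP -LocalPort $tcpPorts | Out-Null
    New-NetFirewallRule -DisplayName 'Block SMB inbound UDP' -Group $ruleGroup `
        -Direction Inbound -Action Block -Profile Public `
        -Protocol UDP -LocalPort $udpPorts | Out-Null
    Write-Output "Created inbound block rules in group '$ruleGroup'"
} else {
    Write-Warning 'No inbound block rules for the SMB ports; rerun with -Apply to add them'
}

# 3. SMBv1 on the server side of this host.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Write-Warning 'SMBv1 server protocol is enabled'
    if ($Apply) { Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force }
} else {
    Write-Output 'SMBv1 server protocol is already disabled'
}

# 4. Report whether anything still listens on TCP 445 after the changes.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 445 -ErrorAction SilentlyContinue
if ($listeners) {
    $addresses = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
    Write-Output "TCP 445 is listening on: $addresses"
} else {
    Write-Output 'Nothing is listening on TCP 445'
}
```

Run it once without `-Apply` to see the current state, then again with `-Apply` to make the changes.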
Keep Antivirus Software Up to Date
Virus, malware, adware and even ransomware definitions are dispatched by antivirus developers to their users from time to time. Make sure to use a genuine antivirus and keep its definitions updated.
We all have one way or another of taking a backup of our files, whether it is an external hard disk or cloud storage. Make sure to back up your data regularly so that your files remain safe.
Beware of Phishing
Don’t open any suspicious links. Such links can be circulated through the internet via email clients. It has been found that some document or media files were also planted with phishing data, and after you download one, your PC will get infected.
You should also improve your online security at home, as chances are that the next attack could have worse effects than the last one, and it would be a better idea to keep all your important files in multiple places.
This article was written by Sejal Parmar. She is a security researcher who loves to write about the latest cyber attacks and ransomware.